PT-2026-27460 · Unknown · Libvncserver

Y637F9Qq2X · Published 2026-03-24 · Updated 2026-05-09 · CVE-2026-32853

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
LibVNCServer versions prior to commit 009008e
LibVNCServer version 0.9.15

Description
The software contains a heap out-of-bounds read issue in the UltraZip encoding handler. A malicious VNC server can exploit this to cause information disclosure or application crash. The issue is due to improper bounds checking in the HandleUltraZipBPP() function. Attackers can manipulate subrectangle header counts to read beyond the allocated heap buffer.

Recommendations
Update to a version after commit 009008e.
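
The failure mode described above, seen from the defensive side, as an added example (not LibVNCServer's code and not the upstream patch): a hypothetical `walk_subrects()` helper checks every subrectangle header and pixel run against the decompressed buffer length before reading. The 12-byte header layout, the function name and its parameters are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout (not LibVNCServer's own definitions): each
 * subrectangle is a 12-byte header (x, y, w, h as big-endian uint16, then a
 * 4-byte encoding field) followed by w * h * bytes_per_pixel pixel bytes. */
#define SUBRECT_HDR_LEN 12u

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Hypothetical helper: validate `count` subrectangles inside buf[0..len).
 * Returns 0 and stores the bytes consumed in *used, or returns -1 as soon as
 * the peer-supplied count or dimensions would move the cursor past len. */
int walk_subrects(const uint8_t *buf, size_t len, uint32_t count,
                  unsigned bytes_per_pixel, size_t *used)
{
    size_t off = 0; /* invariant: off <= len, so len - off cannot wrap */

    if (bytes_per_pixel != 1 && bytes_per_pixel != 2 && bytes_per_pixel != 4)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        if (len - off < SUBRECT_HDR_LEN)   /* header must fit before it is read */
            return -1;
        uint64_t w = be16(buf + off + 4);
        uint64_t h = be16(buf + off + 6);
        off += SUBRECT_HDR_LEN;

        /* 65535 * 65535 * 4 fits in 64 bits, so this product cannot overflow */
        uint64_t pixel_bytes = w * h * bytes_per_pixel;
        if (pixel_bytes > (uint64_t)(len - off))
            return -1;
        off += (size_t)pixel_bytes;        /* a real decoder copies pixels here */
    }
    *used = off;
    return 0;
}

int main(void)
{
    /* Constructed sample: one 2x1 subrectangle at 2 bytes per pixel. */
    const uint8_t msg[16] = {0,0, 0,0, 0,2, 0,1, 0,0,0,0, 1,2,3,4};
    size_t used = 0;
    printf("count=1 -> %d\n", walk_subrects(msg, sizeof msg, 1, 2, &used));
    printf("count=2 -> %d\n", walk_subrects(msg, sizeof msg, 2, 2, &used));
    return 0;
}
```

The second call in `main` passes a count larger than the data supports and is rejected before any header field is read.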

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-32853
OESA-2026-2252
OESA-2026-2253
OESA-2026-2254
OESA-2026-2255
OPENSUSE-SU-2026:10433-1
OPENSUSE-SU-2026:20552-1
SUSE-SU-2026:1124-1
SUSE-SU-2026:1173-1
SUSE-SU-2026:1174-1
SUSE-SU-2026:21206-1

Affected Products

Libvncserver